TryHackMe: Madness

Having fun with TryHackMe again. So, here is the write up and guideline to pass this Madness challenge.

Room: https://tryhackme.com/room/madness
Level: Easy

Task: Use your skills to access the user and root account!

Lets get started

As usual, open the IP in the browser and do NMAP also

# nmap -T4 -A -sV 10.10.196.75
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 ac:f9:85:10:52:65:6e:17:f5:1c:34:e7:d8:64:67:b1 (RSA)
|   256 dd:8e:5a:ec:b1:95:cd:dc:4d:01:b3:fe:5f:4e:12:c1 (ECDSA)
|_  256 e9:ed:e3:eb:58:77:3b:00:5e:3a:f5:24:d8:58:34:8e (ED25519)
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

There is 2 port open SSH and HTTP. Never mind. We can look back again. So, proceed to the webpage. There is nothing suspicious string in this page except the dead link on top. Lets see the code